Silverlight 4.0 and WCF RIA Services Security

Question

Hi guys. I'm recently want to develop an application for my company. I've checked the Silverlight 4.0 and WCF RIA Services. Its really amazing and I got tempted to use these services for our application. But I have a couple of questions:

1. Is there any ways to prevent unauthorized users not to be able to connect to the service and enumerate its classes, methods or properties?
2. How to make sure that just our client software whether it is Silverlight, WPF or Win Forms can connect to the server and not a third party app?
3. Does WCF RIA Services support for NetTcp bindings for intranets?

BTW: Our application will be used globally just by the company employees and must not be available to the unauthorized users.

Thanks

Answer 1

Hi!

1. Yes, you can require an authorization service to authenticate each session. I highly recommend reading up on Nikhil Kothari's blog (He kind of fathered WCF RIA). He came out with a Book Club application that require authentication. http://www.nikhilk.net/RIA-Services-MIX10-Slides-Code.aspx

2. You can't really totally require only silverlight. But, if you require an authorization service to authenticate the user, you at least know they were authorized access to the services.

3. I'm almost certain this should work for your intranet. Someone else may have to step in and help you with the particulars. I have no experience running WCF RIA over wan. However, since it operates over standard http ports, you should be able to do it. There is nothing super special about the connection to a WCF RIA service. It is simply a WCF service.

I hope this helps!

Good luck!

Answer 2

Answer to third: You can configure different endpoints to work with different bindings, you could make the endpoint that is only accessible on the local network (firewall) work with NetTcp binding and other endpoints with some security binding.